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-- The MAILING DA TE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 23 November 2007 . 
2a)KI This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) IEI Claim(s) 1-11 is/are pending in the application. 

4a) Of the above ciaim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) KI Claim(s) 1-11 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) £3 Notice of References Cited (PTO-892) 

2) CH Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) O Information Disclosure Statement(s) (PTO/SB/08) 



4) □ Interview Summary (PTO-413) 



5) C3 Notice of Informal Patent Application 

6) □ Other: . 



Paper No(s)/Mail Date. 



Paper No(s)/Mail Date 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20080127 



Application/Control Number: Page 2 

10/750,516 

Art Unit: 2132 

DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments with respect to claims 1-11 have been considered but 
are moot in view of the new grounds of rejection. 

Claim Rejections - 35 USC § 103 

2. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

3. Claims 1 - 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Pierce in view of DiPierro in view of Gruber US Publication 2003/0014633 A1 . 

4. Referring to claims 1 and 10, Pierce discloses: 

a. Creating a timestamp that includes an expiration time (page 7, paragraph 
76), and a security token (figure 4), and inserting them in the header (page 9, 
paragraph 89). 

b. Encrypting data to be transferred with a secret key (page 2, paragraph 19, 
and inserting it in the body (page 8, paragraph 88). 

c. Attaching a digital signature to create a signature, and inserting it in the 
header (page 8, paragraph 86). 

d. Encrypting the secret key with the service key (page 7, paragraph 77) and 
inserting it in the header (page 9, paragraph 89). The key is encrypted in the 
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token which is then in the header. Therefor the key is in the header. The service 
key could be a public key (page 4, paragraph 40). 

2. Pierce does not explicitly disclose the digital signature being encrypted in the 
header. However, DiPierro discloses encrypting the digital signature in the header (page 

3, paragraph 39). 

3. Pierce and DiPierro are analogous art because they are from the same field of 
endeavor, securing data that is transferred. At the time of the invention, it would have 
been obvious to one of ordinary skill in the art, having the teachings of Pierce and 
DiPierro before him or her, to modify Pierce to include the digital signature encryption of 
DiPierro. The motivation for doing so would have been that it renders the data 
significantly safer (page 3, paragraph 39). 

4. Pierce in view of DiPierro does not explicitly disclose a creation time. However, 
Gruber discloses indicating a start time and end time (page 2, paragraph 11). 

5. Pierce, DiPierro and Gruber are analogous art because they are from the same 
field of endeavor, securing data. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Pierce, DiPierro and Gruber 
before him or her, to modify Pierce in view of DiPierro to include the creation time and 
expiration of Gruber. The motivation for doing so would have been to make clear when 
the approval started. 

6. Referring to claim 2, Pierce teaches that the session key is used to both encrypt 
(page 2, paragraph 19) and decrypt (page 2, paragraph 21) the data . It is inherent that 
the session key is symmetric. 
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7. Referring to claim 3, Pierce teaches that the public key encryption done on the 
secret key is asymmetric (page 4, paragraph 40). 

8. Referring to claim 4, since a SOAP message is XML (Pierce, Page 8, Paragraph 
83) it is understood that the encryption would be using an XML algorithm. 

9. Referring to claims 5 and 1 1 , Pierce teaches: 

e. Acquiring a certificate for verifying a signature of the SOAP message 
(page 8, paragraph 86). 

f. Decrypting an encrypted key in the security header(page 7, paragraph 71) 
with a private key (page 4, paragraph 40). 

g. Inserting a digital signature in the header (page 8, paragraph 86). 

h. Verifying the signature is not specifically stated, but Pierce does state that 
the system would be able to check the validity of the signature (page 8, 
paragraph 86). 

i. Decrypting the encrypted data in the SOAP body with the secret key (page 
2, paragraph 21). 

1 0. Pierce does not explicitly disclose decrypting the digital signature. However, 
DiPierro discloses decrypting the digital signature (page 4, paragraph 51). 

1 1 . Pierce and DiPierro are analogous art because they are from the same field of 
endeavor, securing data that is transferred. At the time of the invention, it would have 
been obvious to one of ordinary skill in the art, having the teachings of Pierce and 
DiPierro before him or her, to modify Pierce to include the digital signature decryption of 
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DiPierro, The motivation for doing so would have been that the only way to be able to 
verify the digital signature you would have to decrypt it. 

12. Pierce in view of DiPierro does not explicitly disclose the certificate being in the 
security token which is in the header. However, Gruber discloses the token being a 
certificate (page 2, paragraph 21) and that the header contains the token (page 5, claim 
19). The token also contains a signature that verifies identification (page 4, paragraph 
30). 

1 3. Pierce, DiPierro and Gruber are analogous art because they are from the same 
field of endeavor, securing data. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Pierce, DiPierro and Gruber 
before him or her, to modify Pierce in view of DiPierro to include token being the 
certificate that is in the header of Gruber. The motivation for doing so would have been 
to be able to verify the identification (page 4, paragraph 30). 

14. Referring to claim 6, Pierce teaches the passing of the certificate as it is part of 
the security-concerning information (page 8, paragraph 86). In the specification the 
applicant defines a security token as security-concerning information. 

1 5. Referring to claim 7, Pierce teaches that the session key is used to both encrypt 
(page 2, paragraph 19) and decrypt (page 2, paragraph 21) the data . It is inherent that 
the session key is symmetric. 

16. Referring to claim 8, Pierce teaches that the public key encryption done on the 
secret key is asymmetric (page 4, paragraph 40). 
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17. Referring to claim 9, since a SOAP message is XML (Pierce, Page 8, Paragraph 
83) it is understood that the encryption would be using an XML algorithm. 

Conclusion 

18. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Cordelia Kane whose telephone number is 571-272- 
7771 . The examiner can normally be reached on Monday - Thursday 8:00 - 5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 





Cordelia Kane 
Patent Examiner 
Art Unit 21 32 
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